4 research outputs found

    Survey on Adversarial Attack for Malware Detection

    Malicious software, commonly known as malware, refers to any type of intrusive software designed to perform harmful actions on a computer system. Recently, Machine Learning (ML) techniques have been used to create new malware variants, enabling attackers to generate thousands of previously unseen malware samples. Traditional detection methods, such as signature-based detection, rely on prior knowledge of malware and therefore often fail to identify new variants. This limitation has led cybersecurity experts to increasingly adopt ML techniques for malware detection. While ML-based approaches have shown promising results by generalizing malware signatures to detect previously unseen malware, they remain vulnerable to adversarial attacks. Adversarial attacks leverage carefully crafted malware samples designed to evade ML-based detectors by exploiting algorithmic vulnerabilities. To develop new defense methods against these attacks, a clear understanding of adversarial techniques is essential. This study compiles and categorizes the latest research on adversarial attacks in the field to support researchers in developing robust malware detection models. It expands on existing surveys by analyzing adversarial attacks based on attack settings, techniques, success rates, evaluation metrics, and future research directions. This study also proposes promising areas for future research, aiming to highlight gaps in the current body of knowledge

    Enhancing Malware Analysis and Detection Using Adversarial Machine Learning Techniques

    In the realm of modern technology, malware has become a paramount concern. Defined as any software designed with malicious intent, malware manifests in numerous types that infect computer systems and devices. As of 2023, executable files account for 53% of computer viruses' spread. Compounded by the emergence of AI and polymorphic malware, attackers have intensified their efforts to obfuscate malicious code, rendering traditional defenses, such as signature-based detection systems, ineffective. To counter the evolving nature of modern malware, the adoption of machine learning (ML) models for detection has gained prominence. These models are able to continuously analyze memory and other data, identifying new patterns and features that aid in uncovering previously hidden malware variants. While ML-based detection systems demonstrate commendable performance, they still have vulnerabilities that necessitate further exploration. In this research proposal, we aim to address the aforementioned gaps and challenges by developing novel techniques to robustify ML-based malware detection systems. Specifically, we will focus on designing a testing framework that utilizes adversarial machine learning to generate AEs as variants of known modern malware datasets. These AEs will simulate real-world attack strategies, thereby enabling researchers to continuously update detection systems and enhance their resilience against emerging threats. Additionally, we will explore the development of comprehensive evaluation methods that incorporate robustness as a central metric to gauge the effectiveness of ML-based detection systems.

    XGB-RF: A Hybrid Machine Learning Approach for IoT Intrusion Detection

    No full text
    In the past few years, Internet of Things (IoT) devices have evolved faster and the use of these devices is exceedingly increasing to make our daily activities easier than ever. However, numerous security flaws persist on IoT devices due to the fact that the majority of them lack the memory and computing resources necessary for adequate security operations. As a result, IoT devices are affected by a variety of attacks. A single attack on network systems or devices can lead to significant damages in data security and privacy. However, machine-learning techniques can be applied to detect IoT attacks. In this paper, a hybrid machine learning scheme called XGB-RF is proposed for detecting intrusion attacks. The proposed hybrid method was applied to the N-BaIoT dataset containing hazardous botnet attacks. Random forest (RF) was used for the feature selection and eXtreme Gradient Boosting (XGB) classifier was used to detect different types of attacks on IoT environments. The performance of the proposed XGB-RF scheme is evaluated based on several evaluation metrics and demonstrates that the model successfully detects 99.94% of the attacks. After comparing it with state-of-the-art algorithms, our proposed model has achieved better performance for every metric. As the proposed scheme is capable of detecting botnet attacks effectively, it can significantly contribute to reducing the security concerns associated with IoT systems

    XGB-RF: A Hybrid Machine Learning Approach for IoT Intrusion Detection

    In the past few years, Internet of Things (IoT) devices have evolved faster and the use of these devices is exceedingly increasing to make our daily activities easier than ever. However, numerous security flaws persist on IoT devices due to the fact that the majority of them lack the memory and computing resources necessary for adequate security operations. As a result, IoT devices are affected by a variety of attacks. A single attack on network systems or devices can lead to significant damages in data security and privacy. However, machine-learning techniques can be applied to detect IoT attacks. In this paper, a hybrid machine learning scheme called XGB-RF is proposed for detecting intrusion attacks. The proposed hybrid method was applied to the N-BaIoT dataset containing hazardous botnet attacks. Random forest (RF) was used for the feature selection and eXtreme Gradient Boosting (XGB) classifier was used to detect different types of attacks on IoT environments. The performance of the proposed XGB-RF scheme is evaluated based on several evaluation metrics and demonstrates that the model successfully detects 99.94% of the attacks. After comparing it with state-of-the-art algorithms, our proposed model has achieved better performance for every metric. As the proposed scheme is capable of detecting botnet attacks effectively, it can significantly contribute to reducing the security concerns associated with IoT systems